auth: Implement special handling of password fields on XML POST

The Cisco AnyConnect client exhibits some quirky behavior on fields with certain names: For "answer", "whichpin", and "new_password", the field is renamed to "password" in the submission. For "verify_pin" and "verify_password", the field is omitted entirely. One might expect the client to perform a comparison to see if the first password/PIN field matches the verify_* field, but in my testing, I didn't actually see it doing so. Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Feb 17, 2013 · e8a0cec · e8a0cec
1 parent 5c4d37a
commit e8a0cec
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/auth.c b/auth.c
@@ -803,6 +803,21 @@ static int xmlpost_append_form_opts(struct openconnect_info *vpninfo,
 			continue;
 		}
 
+		/* answer,whichpin,new_password: rename to "password" */
+		if (!strcmp(opt->name, "answer") ||
+		    !strcmp(opt->name, "whichpin") ||
+		    !strcmp(opt->name, "new_password")) {
+			if (!xmlNewTextChild(node, NULL, XCAST("password"), XCAST(opt->value)))
+				goto bad;
+			continue;
+		}
+
+		/* verify_pin,verify_password: ignore */
+		if (!strcmp(opt->name, "verify_pin") ||
+		    !strcmp(opt->name, "verify_password")) {
+			continue;
+		}
+
 		/* everything else: create <foo>user_input</foo> under <auth> */
 		if (!xmlNewTextChild(node, NULL, XCAST(opt->name), XCAST(opt->value)))
 			goto bad;